auth-cli-commands (#25)

* Iam: cli commands.

* Fix SA ARK.

_iam/src/AdapterForCli/CreateMarketplaceOauthClientCommand.php

@@ -0,0 +1,116 @@
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of the medicalmundi/marketplace-accounts
+ *
+ * @copyright (c) 2023 MedicalMundi
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * {@link https://github.com/medicalmundi/marketplace-accounts/graphs/contributors developer} and is licensed under the MIT license.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ * @license https://github.com/MedicalMundi/marketplace-accounts/blob/main/LICENSE MIT
+ */
+
+namespace IdentityAccess\AdapterForCli;
+
+use App\Entity\OAuth2ClientProfile;
+use Doctrine\ORM\EntityManagerInterface;
+use Exception;
+use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
+use League\Bundle\OAuth2ServerBundle\Model\Client;
+use League\Bundle\OAuth2ServerBundle\ValueObject\Grant;
+use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri;
+use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+#[AsCommand(
+    name: 'app:oauth:create-for-marketplace',
+    description: 'Create oAuth client for stage.marketplace website',
+)]
+class CreateMarketplaceOauthClientCommand extends Command
+{
+    public function __construct(
+        private readonly ClientManagerInterface $clientManager,
+        private readonly EntityManagerInterface $em,
+    ) {
+        parent::__construct();
+    }
+
+    protected function configure(): void
+    {
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        try {
+            $this->checkDefaultOauthClientOrCreate($io);
+        } catch (Exception $exception) {
+            $io->error($exception->getMessage());
+            return Command::FAILURE;
+        }
+
+        return Command::SUCCESS;
+    }
+
+    private function createOauthClientForMarketplaceEngine()
+    {
+        $clientName = 'Marketplace Engine Client';
+        $clientId = 'marketplace-engine';
+        $clientSecret = 'marketplace';
+        $clientDescription = 'Marketplace website';
+        $scopes = ['email'];
+        $grantTypes = ['authorization_code', 'refresh_token'];
+        $redirectUris = ['https://marketplace.oe-modules.com/connect/oemodules/check'];
+
+        $oAuthClient = $this
+            ->buildOauthClient(
+                $clientName,
+                $clientId,
+                $clientSecret,
+                $redirectUris,
+                $grantTypes,
+                $scopes,
+                $clientDescription
+            );
+
+        $this->clientManager->save($oAuthClient);
+
+        // Create Client Profile
+        $oAuth2ClientProfile = new OAuth2ClientProfile();
+        $oAuth2ClientProfile->setClient($oAuthClient)
+            ->setName($clientName)
+            ->setDescription($clientDescription);
+        $this->em->persist($oAuth2ClientProfile);
+        $this->em->flush();
+    }
+
+    private function buildOauthClient(string $name, string $identifier, string $secret, array $redirectUriStrings, array $grantStrings, array $scopeStrings, string $clientDescription): AbstractClient
+    {
+        $client = new Client($name, $identifier, $secret);
+        $client->setActive(true);
+        $client->setAllowPlainTextPkce(false);
+
+        return $client
+            ->setRedirectUris(...array_map(static fn (string $redirectUri): RedirectUri => new RedirectUri($redirectUri), $redirectUriStrings))
+            ->setGrants(...array_map(static fn (string $grant): Grant => new Grant($grant), $grantStrings))
+            ->setScopes(...array_map(static fn (string $scope): Scope => new Scope($scope), $scopeStrings))
+        ;
+    }
+
+    private function checkDefaultOauthClientOrCreate(SymfonyStyle $io): void
+    {
+        if (null === $this->clientManager->find('marketplace-engine')) {
+            $this->createOauthClientForMarketplaceEngine();
+            $io->success('Oauth Client with identifier \'marketplace-engine\' was created');
+        }
+    }
+}

_iam/src/AdapterForCli/CreateStageMarketplaceOauthClientCommand.php

@@ -0,0 +1,116 @@
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of the medicalmundi/marketplace-accounts
+ *
+ * @copyright (c) 2023 MedicalMundi
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * {@link https://github.com/medicalmundi/marketplace-accounts/graphs/contributors developer} and is licensed under the MIT license.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ * @license https://github.com/MedicalMundi/marketplace-accounts/blob/main/LICENSE MIT
+ */
+
+namespace IdentityAccess\AdapterForCli;
+
+use App\Entity\OAuth2ClientProfile;
+use Doctrine\ORM\EntityManagerInterface;
+use Exception;
+use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
+use League\Bundle\OAuth2ServerBundle\Model\Client;
+use League\Bundle\OAuth2ServerBundle\ValueObject\Grant;
+use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri;
+use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+#[AsCommand(
+    name: 'app:oauth:create-for-stage-marketplace',
+    description: 'Create oAuth client for stage.marketplace website',
+)]
+class CreateStageMarketplaceOauthClientCommand extends Command
+{
+    public function __construct(
+        private readonly ClientManagerInterface $clientManager,
+        private readonly EntityManagerInterface $em,
+    ) {
+        parent::__construct();
+    }
+
+    protected function configure(): void
+    {
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        try {
+            $this->checkDefaultOauthClientOrCreate($io);
+        } catch (Exception $exception) {
+            $io->error($exception->getMessage());
+            return Command::FAILURE;
+        }
+
+        return Command::SUCCESS;
+    }
+
+    private function createOauthClientForMarketplaceEngine()
+    {
+        $clientName = 'Stage Marketplace Engine Client';
+        $clientId = 'stage-marketplace-engine';
+        $clientSecret = 'stage-marketplace';
+        $clientDescription = 'Stage Marketplace website';
+        $scopes = ['email'];
+        $grantTypes = ['authorization_code', 'refresh_token'];
+        $redirectUris = ['https://stage.marketplace.oe-modules.com/connect/oemodules/check'];
+
+        $oAuthClient = $this
+            ->buildOauthClient(
+                $clientName,
+                $clientId,
+                $clientSecret,
+                $redirectUris,
+                $grantTypes,
+                $scopes,
+                $clientDescription
+            );
+
+        $this->clientManager->save($oAuthClient);
+
+        // Create Client Profile
+        $oAuth2ClientProfile = new OAuth2ClientProfile();
+        $oAuth2ClientProfile->setClient($oAuthClient)
+            ->setName($clientName)
+            ->setDescription($clientDescription);
+        $this->em->persist($oAuth2ClientProfile);
+        $this->em->flush();
+    }
+
+    private function buildOauthClient(string $name, string $identifier, string $secret, array $redirectUriStrings, array $grantStrings, array $scopeStrings, string $clientDescription): AbstractClient
+    {
+        $client = new Client($name, $identifier, $secret);
+        $client->setActive(true);
+        $client->setAllowPlainTextPkce(false);
+
+        return $client
+            ->setRedirectUris(...array_map(static fn (string $redirectUri): RedirectUri => new RedirectUri($redirectUri), $redirectUriStrings))
+            ->setGrants(...array_map(static fn (string $grant): Grant => new Grant($grant), $grantStrings))
+            ->setScopes(...array_map(static fn (string $scope): Scope => new Scope($scope), $scopeStrings))
+        ;
+    }
+
+    private function checkDefaultOauthClientOrCreate(SymfonyStyle $io): void
+    {
+        if (null === $this->clientManager->find('stage-marketplace-engine')) {
+            $this->createOauthClientForMarketplaceEngine();
+            $io->success('Oauth Client with identifier \'stage-marketplace-engine\' was created');
+        }
+    }
+}

phparkitect-baseline.json

@@ -20,6 +20,16 @@
             "line": 27,
             "error": "depends on App\\Repository\\UserRepository, but should not depend on these namespaces: App\\Controller\\*, App\\Service\\*, App\\Repository\\* because of component architecture"
         },
+        {
+            "fqcn": "IdentityAccess\\AdapterForCli\\CreateMarketplaceOauthClientCommand",
+            "line": 88,
+            "error": "depends on App\\Entity\\OAuth2ClientProfile, but should not depend on classes outside namespace IdentityAccess\\Core because or namespaces in whitelist we want isolate our identity access Adapters from ever growing dependencies."
+        },
+        {
+            "fqcn": "IdentityAccess\\AdapterForCli\\CreateStageMarketplaceOauthClientCommand",
+            "line": 88,
+            "error": "depends on App\\Entity\\OAuth2ClientProfile, but should not depend on classes outside namespace IdentityAccess\\Core because or namespaces in whitelist we want isolate our identity access Adapters from ever growing dependencies."
+        },
         {
             "fqcn": "IdentityAccess\\AdapterForReadingAccounts\\AccountsDataProvider",
             "line": 26,

psalm-baseline.xml

@@ -1,5 +1,39 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352">
+  <file src="_iam/src/AdapterForCli/CreateMarketplaceOauthClientCommand.php">
+    <ArgumentTypeCoercion>
+      <code>$oAuthClient</code>
+    </ArgumentTypeCoercion>
+    <LessSpecificReturnStatement>
+      <code><![CDATA[$client
+            ->setRedirectUris(...array_map(static fn (string $redirectUri): RedirectUri => new RedirectUri($redirectUri), $redirectUriStrings))
+            ->setGrants(...array_map(static fn (string $grant): Grant => new Grant($grant), $grantStrings))
+            ->setScopes(...array_map(static fn (string $scope): Scope => new Scope($scope), $scopeStrings))]]></code>
+    </LessSpecificReturnStatement>
+    <MissingReturnType>
+      <code>createOauthClientForMarketplaceEngine</code>
+    </MissingReturnType>
+    <MoreSpecificReturnType>
+      <code>AbstractClient</code>
+    </MoreSpecificReturnType>
+  </file>
+  <file src="_iam/src/AdapterForCli/CreateStageMarketplaceOauthClientCommand.php">
+    <ArgumentTypeCoercion>
+      <code>$oAuthClient</code>
+    </ArgumentTypeCoercion>
+    <LessSpecificReturnStatement>
+      <code><![CDATA[$client
+            ->setRedirectUris(...array_map(static fn (string $redirectUri): RedirectUri => new RedirectUri($redirectUri), $redirectUriStrings))
+            ->setGrants(...array_map(static fn (string $grant): Grant => new Grant($grant), $grantStrings))
+            ->setScopes(...array_map(static fn (string $scope): Scope => new Scope($scope), $scopeStrings))]]></code>
+    </LessSpecificReturnStatement>
+    <MissingReturnType>
+      <code>createOauthClientForMarketplaceEngine</code>
+    </MissingReturnType>
+    <MoreSpecificReturnType>
+      <code>AbstractClient</code>
+    </MoreSpecificReturnType>
+  </file>
   <file src="_iam/src/AdapterForWeb/Administration/OauthClient/OauthClientController.php">
     <MixedArgument>
       <code><![CDATA[$form->getData()]]></code>

tools/phparkitect/VendorDependencies/allowed_in_iam_adapters.php

@@ -9,11 +9,14 @@
     'League\Bundle\OAuth2ServerBundle',
 
     'Doctrine\DBAL\Connection',
+    'Doctrine\ORM\EntityManagerInterface',
 
     'Symfony\Bundle\FrameworkBundle\Controller\AbstractController',
     'Symfony\Component\HttpFoundation\Request',
     'Symfony\Component\HttpFoundation\Response',
 
+    'Symfony\Component\Console',
+
     'Symfony\Component\Form',
 
     'Symfony\Component\OptionsResolver\OptionsResolver',